Overview

Scams are dishonest schemes that attempt to get people to hand over money or give financial and personal information. Scammers often use basic information they have gathered about you to trick you into giving more financial and personal information. A phishing scam is when someone does this by pretending to be an individual or company you know.

Be smart from the start

Be cautious when asked to provide financial and personal information of any kind to anyone. Scammers may pretend to be from:

  • your family
  • your bank
  • a utility company
  • an insurance company
  • a company you may do business with (for example, Amazon or Costco)
  • a service provider (for example, duct cleaner, internet or mobile services)
  • the government

If you have concerns with the legitimacy of a request for personal or financial information, contact the organisation, through their normal channels, before you respond.

Although most people use the term fraud when describing a scam, it is only considered fraud when a scam is successful.

Types of scams

These are the most common types of phishing scams that you should be aware of.

Hyperlinks - you are asked to select a hyperlink that takes you to a website that gathers personal details about you such as interests and recent online activity.

Text (SMS) - you receive a text message from a scammer that asks for your financial and personal information through text messaging or to click a link that takes you to a website to try to collect your financial and personal information (such as your full name, date of birth, banking/credit card information).

Telephone - you receive a phone call from a scammer enticing you to give them financial and personal information. In many cases, these scammers have a sense of urgency or tell you that you need to act immediately.

Email - you receive an email from a scammer impersonating a known institution or business with a hyperlink or downloadable document that is designed to collect your financial and personal information.

Social media - you receive messages on social media platforms pretending to be customer support asking you to share financial and personal information.

QR codes - you receive a QR code, usually by email, that takes you to a malicious website designed to collect your financial and personal information.

Signs of a scam

Help protect yourself from a scam by looking out for these common signs:

  • Pressure to make a quick decision either overnight or on the spot and are threatened if you don’t comply.
  • Requests to keep matters confidential and not share the details with local authorities or family and relatives.
  • Urgent messages demanding you contact the sender immediately.
  • Being asked to provide money in unusual formats such as gift cards, bit coin and prepaid credit cards.
  • An email from an unknown sender with a link or attachment.
  • Email or phone requests for financial information (for example, credit card number, bank account information and personal identification number (PIN)).
  • Email or phone requests for personal information (for example, Social Insurance Number (SIN), date of birth and security answers).

Protect yourself from getting scammed

Here are some tips and hints to protect yourself from a potential phishing scam:

  • Ignore emails from unknown senders and block the sender from sending additional suspicious emails.
  • If you receive a message from an unknown sender, don't open any attachments or follow any links to third-party websites.
  • Beware of upfront fees.
  • Look for the secure symbol. Legitimate websites that ask you to enter confidential information are generally encrypted to protect your details. You can identify secure websites by either:
    • 'https:' rather than 'http:' at the start of the internet address
    • a closed padlock or unbroken key icon at the bottom right corner of your browser window
  • Avoid sending sensitive information over email and text message.
  • Never provide your personal, credit card or online account details if you receive a call claiming to be from your bank or any other organisation. Instead, ask for their name and contact number and check with the organisation in question before calling back.

Protect your business against scams

Scams can impact every business, regardless of location, size or industry. Methods scammers use to target businesses are similar to those targeting consumers and may include:

  • pretending to be someone you trust or an employee of a company you know or a government
  • creating a sense of urgency
  • using intimidation or fear
  • wanting to use untraceable payment methods

The best way to prevent your business from becoming a victim of fraud is for you and your employees to be informed and pay attention.

Resources to protect your business from scams

Communicating with the Government of Ontario

Scammers will often pretend to be associated with the government. In some cases, scammers use current issues (such as changes to licence plate stickers or vaccine certificates) as part of the scam. 

The Government of Ontario will never contact you directly to:

  • ask for personal information (for example, Social Insurance Number (SIN), bank account information, health information)
  • offer you money or a reward
  • sign you up for a rebate program

There are legitimate instances in which government staff will contact you by email or phone. These include:

  • to respond to a question or complaint you have filed. In such instances, government staff will reference a file number, or specific correspondence that you sent
  • to remind you to renew a licence (for example, licence plate or business licence)
  • to advise you of changes to legislation or regulations relevant to your business

If you are unsure if an email or phone call is from the Ontario Government, you should use our ministry contacts to verify the request before you share any information. Find out how to contact different ministries.

Report a scam

If you think you may be a victim of a fraud or scam, there are immediate steps you can take to limit the damage, protect yourself from further loss and report the scammer.

Step 1: Stop communicating with the scammer

  • Stop all communication with the scammer right away

Step 2: Update your accounts

  • Change passwords to accounts that may have been affected, including social media sites
  • Notify banks and other companies where you have an account that may have been affected
  • Put an alert on your credit report by contacting a consumer reporting agency, such as Equifax Canada or TransUnion Canada (the consumer reporting agency may charge a fee to add an alert to your credit report)

Step 3: Report the scam or fraud

  • Report the scam or fraud to your local police and the Canadian Anti-Fraud Centre
  • Gather all records you have of the fraud or scam, such as:
    • correspondence with the scammer (for example, letters, emails, text messages)
    • financial statements
    • receipts
    • contracts
    • contact information the scammer used to contact you (for example, phone number(s), email address(es))
    • websites and social media accounts used for the scam
    • any papers, marketing material or ads used for the scam (for example, brochures, flyers, copies of ads on classified sites)
  • Avoid touching documents that the scammer may have touched, and protect them with a plastic case or cover (if the scam occurred in person)
  • Document your actions in a log and include when you first started noticing the fraud (including dates, times, names and contact information) which is useful if/when you contact law enforcement, financial institutions or other agencies

If you believe the scam may have resulted in identity theft, learn more about dealing with identity theft.

Resources

Visit the Government of Canada’s website to view recent fraud alerts.

You can also read their Little Black Book of Scams to learn more about different types of scams and how to protect yourself.

Cyber security

Learn how our Cyber Security Centre of Excellence helps strengthen cyber security across ministries and broader public sector organizations.

Find out more about cyber security.